summaryrefslogtreecommitdiffstats
path: root/fs/ext4/ext4.h
diff options
context:
space:
mode:
authorTheodore Ts'o <tytso@mit.edu>2018-06-17 06:41:14 +0200
committerTheodore Ts'o <tytso@mit.edu>2018-06-17 06:41:14 +0200
commitc37e9e013469521d9adb932d17a1795c139b36db (patch)
treea7a39bc1259d9c8398817a5c7c05fcc87e8f6bb6 /fs/ext4/ext4.h
parentext4: avoid running out of journal credits when appending to an inline file (diff)
downloadlinux-c37e9e013469521d9adb932d17a1795c139b36db.tar.xz
linux-c37e9e013469521d9adb932d17a1795c139b36db.zip
ext4: add more inode number paranoia checks
If there is a directory entry pointing to a system inode (such as a journal inode), complain and declare the file system to be corrupted. Also, if the superblock's first inode number field is too small, refuse to mount the file system. This addresses CVE-2018-10882. https://bugzilla.kernel.org/show_bug.cgi?id=200069 Signed-off-by: Theodore Ts'o <tytso@mit.edu> Cc: stable@kernel.org
Diffstat (limited to 'fs/ext4/ext4.h')
-rw-r--r--fs/ext4/ext4.h5
1 files changed, 0 insertions, 5 deletions
diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
index 859d6433dcc1..4bd69649a048 100644
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -1502,11 +1502,6 @@ static inline struct ext4_inode_info *EXT4_I(struct inode *inode)
static inline int ext4_valid_inum(struct super_block *sb, unsigned long ino)
{
return ino == EXT4_ROOT_INO ||
- ino == EXT4_USR_QUOTA_INO ||
- ino == EXT4_GRP_QUOTA_INO ||
- ino == EXT4_BOOT_LOADER_INO ||
- ino == EXT4_JOURNAL_INO ||
- ino == EXT4_RESIZE_INO ||
(ino >= EXT4_FIRST_INO(sb) &&
ino <= le32_to_cpu(EXT4_SB(sb)->s_es->s_inodes_count));
}